Re: LDAP

2003-12-08 Thread Sancho2k.net Lists
Arthur EBEL said:
> Hi :-)
>
> I would like to use freeradius and LDAP for authentication. Do you know
> where I can find documentation about this kind of configuration?
>
> Anyone have experience with that ???

Yep. I already had existing user objects, so I added radiusprofile
objectClass to them, and set their dialupAccess attribute to "enabled".
Then I configured radiusd.conf to use the ldap modules.

Voilà.

DS

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: WLAN + MD5

2003-12-04 Thread Sancho2k.net Lists
Alan DeKok wrote:

> "Krzysztof L." <[EMAIL PROTECTED]> wrote:
>
> > Can anybody point me to simplest configuration of free radius
> > for WLAN with MD5???
>
>   Don't do anything other than configure user, and a password for that
> user.  See the FAQ for an example.
>   The server comes configured to do EAP-MD5, if the client requests
> it.

I realize the purpose of the list is not to assert correct or safe 
methods of operating your infrastructure, but am I mistaken in saying 
that EAP-MD5 in respects to WLAN authentication is not safe or 
recommended compared to say, EAP-(T)TLS?

DS



logging incomplete through daemontools (faq 3.4)

2003-11-28 Thread Sancho2k.net Lists
http://www.freeradius.org/faq/#3.4 describes setting up logging through 
daemontools/supervise. I am running freeradius-0.9.3 and have the 
following configuration as per the FAQ:

$ cat /etc/radiusd/run
#!/bin/sh
exec 2>&1
exec /usr/local/sbin/radiusd -fyz -lstderr

$ cat /etc/radiusd/log/run
#!/bin/sh
exec setuidgid radiuslog multilog t ./main

But the only thing logged through supervise is my startup messages:

$ cat /etc/radiusd/log/main/current
@40003fc78e3d06ff9294 Fri Nov 28 11:04:35 2003 : Info: Starting - reading configuration files ...
@40003fc78f6b16f3e09c Fri Nov 28 11:09:37 2003 : Info: Starting - reading configuration files ...
@40003fc78f7535ea5c4c Fri Nov 28 11:09:47 2003 : Info: Starting - reading configuration files ...
@40003fc790cb11bd8eac Fri Nov 28 11:15:29 2003 : Info: Starting - reading configuration files ...

I have tested authentications that result in Access-Reject as well as 
Access-Accept but neither of them makes it to the logs.

Is there something I'm missing?

Also, manpage radiusd(8) lists the "-v" option in the SYNOPSIS but does 
not describe it below. I could assume it means "verbose", but maybe it 
means "version"?

TIA

DS



Re: rlm_* not present - server won't run

2003-11-16 Thread Sancho2k.net Lists
Alan DeKok wrote:

> "Sancho2k.net Lists" <[EMAIL PROTECTED]> wrote:
>
> > Commenting this out causes the next module to not be found. I see that 
> > ALL of the defined modules I have are not found.  Am I not supposed to 
> > have a .so file for every module?
>
>   Yes.  If you don't, go back and read the output of "make", and then
> the output of "make install"

The only apparent problems to me are the occurrences of the following 
warnings:

checking gethostbyaddr_r() syntax... configure: warning:  ** BSD Style gethostbyaddr might NOT be thread-safe! **
BSD-style
checking gethostbyname_r() syntax... configure: warning:  ** BSD Style gethostbyname might NOT be thread-safe! **
BSD-style

In the output of 'make' I have:

..
Making static dynamic in rlm_mschap...
gmake[5]: Entering directory `/home/sancho/src/freeradius-0.9.2/src/modules/rlm_mschap'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG  -I../../include  -c rlm_mschap.c -o rlm_mschap.o
/home/sancho/src/freeradius-0.9.2/libtool --mode=link ld \
-module -static  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG  -I../../include  rlm_mschap.o -o rlm_mschap.a
mkdir .libs
ar cru rlm_mschap.a rlm_mschap.o
ranlib rlm_mschap.a
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG  -I../../include  -c smbencrypt.c -o smbencrypt.o
gcc -I../../include  -o smbencrypt smbencrypt.o ../../lib/libradius.a
/home/sancho/src/freeradius-0.9.2/libtool --mode=compile gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG  -I../../include  -c rlm_mschap.c
rm -f .libs/rlm_mschap.lo
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_mschap.c  -fPIC -DPIC -o .libs/rlm_mschap.lo
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_mschap.c -o rlm_mschap.o >/dev/null 2>&1
mv -f .libs/rlm_mschap.lo rlm_mschap.lo
/home/sancho/src/freeradius-0.9.2/libtool --mode=link gcc -release 0.9.2 \
-module -export-dynamic  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG  -I../../include   \
-o rlm_mschap.la -rpath /usr/local/freeradius-0.9.2/lib rlm_mschap.lo -lresolv  -lpthread
rm -fr .libs/rlm_mschap.la .libs/rlm_mschap.* .libs/rlm_mschap-0.9.2.*

*** Warning: This library needs some functionality provided by -lresolv.
*** I have the capability to make that library automatically link in when
*** you link to this library.  But I can only do this if you have a
*** shared version of the library, which you do not appear to have.
*** Warning: libtool could not satisfy all declared inter-library
*** dependencies of module rlm_mschap.  Therefore, libtool will create
*** a static module, that should work as long as the dlopening
*** application is linked with the -dlopen flag.
ar cru .libs/rlm_mschap.a  rlm_mschap.o
ranlib .libs/rlm_mschap.a
creating rlm_mschap.la
(cd .libs && rm -f rlm_mschap.la && ln -s ../rlm_mschap.la rlm_mschap.la)
gmake[5]: Leaving directory `/home/sancho/src/freeradius-0.9.2/src/modules/rlm_mschap'
..

And related output from 'make install':

..
Making install in rlm_chap...
gmake[5]: Entering directory `/home/sancho/src/freeradius-0.9.2/src/modules/rlm_chap'
if [ "xrlm_chap" != "x" ]; then \
/home/sancho/src/freeradius-0.9.2/libtool --mode=install /home/sancho/src/freeradius-0.9.2/install-sh -c -c \
rlm_chap.la /usr/local/freeradius-0.9.2/lib/rlm_chap.la; \
rm -f /usr/local/freeradius-0.9.2/lib/rlm_chap-0.9.2.la; \
ln -s rlm_chap.la /usr/local/freeradius-0.9.2/lib/rlm_chap-0.9.2.la; \
fi
/home/sancho/src/freeradius-0.9.2/install-sh -c -c .libs/rlm_chap.lai /usr/local/freeradius-0.9.2/lib/rlm_chap.la
/home/sancho/src/freeradius-0.9.2/install-sh -c -c .libs/rlm_chap.a /usr/local/freeradius-0.9.2/lib/rlm_chap.a
ranlib -t /usr/local/freeradius-0.9.2/lib/rlm_chap.a
chmod 644 /usr/local/freeradius-0.9.2/lib/rlm_chap.a
PATH="$PATH:/sbin" ldconfig -m /usr/local/freeradius-0.9.2/lib
--
Libraries have been installed in:
   /usr/local/freeradius-0.9.2/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
 during execution
   - use the `-Wl,-rpath,LIBDIR' linker flag
See any operating system documentation about shared libraries for
more

rlm_* not present - server won't run

2003-11-16 Thread Sancho2k.net Lists
After configuring radiusd.conf:

# /usr/local/freeradius-0.9.2/sbin/radiusd -X
[...]
radiusd:  entering modules setup
Module: Library search path is /usr/local/freeradius-0.9.2/lib:/usr/lib:/usr/local/lib
radiusd.conf[523] Failed to link to module 'rlm_chap': file not found

Commenting this out causes the next module to not be found. I see that 
ALL of the defined modules I have are not found.  Am I not supposed to 
have a .so file for every module?

# ls -l /usr/local/freeradius-0.9.2/lib/*.so
-rwxr-xr-x  1 root  wheel  239672 Nov 16 03:25 /usr/local/freeradius-0.9.2/lib/libradius-0.9.2.so
lrwxr-xr-x  1 root  wheel  18 Nov 16 03:25 /usr/local/freeradius-0.9.2/lib/libradius.so -> libradius-0.9.2.so

Here is my config string:

./configure  --prefix=/usr/local/freeradius-0.9.2 \
--enable-ltdl-install --enable-experimental-modules

What gives?  Why won't my modules install/load? What did I botch this 
time? ;)

TIA,

DS



Re: seeking a tool to graph radius logs

2003-10-30 Thread Sancho2k.net Lists
I am interested.

would you mind sending to <[EMAIL PROTECTED]> ?

DS

[EMAIL PROTECTED] wrote:

> For those desiring the info on mrtg, send me your e-mail and I'll send you
> my configuration I use and instructions on setting it up including crons
> etc.
> Thanks
> John
>
> > sorry if this is a dumb question, but what are the lines do you add  to
> > the mrtg.cfg to do that?
> > On Thursday 30 October 2003 14:23, you wrote:
> >
> > > Try mrtg...
> > > It allows you to issue one command that produces a number
> > > I use radwho -r | grep (server IP) | wc -l...
> > > This number is filed and I have the script run every five minutes.
> > > MRTG is the way to go...
> > >
> > > > We would like to have a graph of our Radius log which displays the
> > > > hours people use the server.  Is anyone aware of any
> > > > (preferably open source) tools that generate graphs from Radius
> > > > logs?  My initial google searches  have not turned up much.
> > > >
> > > > radius + graph has lots of mis-hits.



Re: external authentication

2003-10-28 Thread Sancho2k.net Lists
Sila Sujjinanont wrote:

> Hi. All
> Howto use external authentication for Freeradius.
> Thank.
>
> Sila S

R E A D  T H E  D O C S .



Re: Help on FreeBSD.

2003-10-16 Thread Sancho2k.net Lists
Roger Cates wrote:

> We are trying to set up FreeRadius on a FreeBSD 4.8 system. For some
> reason it won't compile. It complained about not having gnu make, so I
> downloaded, compiled and installed gnu make and it still says it can't
> find it.
> Are there any switches or flags I need to adjust?

Once you've installed gmake from ports, run 'gmake' instead of 'make' 
during your installation.

DS



802.11b AP preparation

2003-10-11 Thread Sancho2k.net Lists
I am preparing to embark on a project to build a 802.11b access point 
from a soekris net4521. I'm new to wi-fi technology but am starting to 
research proposed 802.11i standards and items such as TKIP, 802.1x, WPA 
and EAP.

What capabilities does FreeRadius support that are recommended for the 
security of my new WLAN? And what are some commonly used configurations 
that any of you would recommend that I implement to ensure 
authentication and encryption on my wireless network?

Here is a rough diagram of my physical setup:

           (fxp0)         (fxp1)
INTERNET --- Soekris --<  { wired net }
                |(wi0)
                ^
         { wireless net }

I intend to have 2 private subnets (wired and wireless) and route 
between them and from them to the internet on the soekris. Clients that 
will be in use on the wlan are: Win 2k/XP desktops and Win2k/linux laptops.

TIA,

DS



Re: Freeradius and Wi-fi networks

2003-10-09 Thread Sancho2k.net Lists
Not a lot of details that tell anyone where to start with your problem. 
Provide details about what you're trying to set up, what you expect to 
happen, and how it is failing.

Robert P. McKenzie wrote:

> I have been trying to get Freeradius setup for use with my wi-fi network 
> but I just can't seem to get the configurations working.
>
> My network consists of:
>
> Linux server (hard wired)
> D-Link DWL-6000AP (802.1x enabled)
> several laptops with DWL-650ab cards
>
> If anyone can help I would be deeply grateful, please reply here or via 
> private email if possible.
>
> Cheers!!!





Re: Tools to manage detail file

2003-10-02 Thread Sancho2k.net Lists
Moktar KONE wrote:

> Hi all,
> I am looking for some tools that can handle  the "detail" file 
> (/var/log/radius/radacct/NAS-IP/detail ) and generate a report at the 
> end of every day.
> thanks

I remember seeing a RADIUS logfile accounting program that may be able 
to do what you want. Search freshmeat.net.

DS



FW: pap question

2003-01-22 Thread Lists @ Apted Tech.
Sorry people, when I first started writing this letter, I wasn't going to
bother you all with details of having to steal the ip address of the old
server to test it.  Today, when I finished the letter, I told that little
story at the end.

-Original Message-
From: Lists @ Apted Tech. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 5:36 PM
To: [EMAIL PROTECTED]
Subject: pap question

I have set up Freeradius 0.8.1 on a basic RedHat 8.0 install to replace
several windows radius servers we run right now.  Freeradius auths off of a
mysql database using cleartext passwords so that CHAP may be used.  We
resell DSL lines through a larger ISP who proxies the auths to our radius
servers using pap.  After I got all the username/passwords and group
attributes put into the sql database, I had the ISP start proxying the
requests to the new box running freeradius, and this is what showed up in
the logs:

... Auth: Login incorrect:
[username/\007\323\002m2\227\035b%\346\211\234\036\342\233a] (from client
theclient port 0)

The server proxying these requests is using PAP, the encryption_scheme =
clear in radiusd.conf, and I know the PAP module is loading just before the
CHAP module does.  I know that I could run the server in debug mode to see
exactly what is going on, but it's a live box that is handling all auths for
my company now (except DSL :) and my superiors will not let me take it down,
restart, etc at all.  The larger ISP who proxies these requests to us is
notoriously hard to get a hold of for issues like testing a new radius
server (sometimes it takes over a week just to hear back from them).  To test
the new system, I had to actually take the old windows RADIUS server down
(after making sure the clients/secrets and username/password information was
on the new box also) and steal its ip address.  So I'm hoping somebody may
have an idea on what is going on.  Thanks all.

-Chris





pap question

2003-01-22 Thread Lists @ Apted Tech.
I have set up Freeradius 0.8.1 on a basic RedHat 8.0 install to replace
several windows radius servers we run right now.  Freeradius auths off of a
mysql database using cleartext passwords so that CHAP may be used.  We
resell DSL lines through a larger ISP who proxies the auths to our radius
servers using pap.  After I got all the username/passwords and group
attributes put into the sql database, I had the ISP start proxying the
requests to the new box running freeradius, and this is what showed up in
the logs:

... Auth: Login incorrect:
[username/\007\323\002m2\227\035b%\346\211\234\036\342\233a] (from client
theclient port 0)

The server proxying these requests is using PAP, the encryption_scheme =
clear in radiusd.conf, and I know the PAP module is loading just before the
CHAP module does.  I know that I could run the server in debug mode to see
exactly what is going on, but it's a live box that is handling all auths for
my company now (except DSL :) and my superiors will not let me take it down,
restart, etc at all.  The larger ISP who proxies these requests to us is
notoriously hard to get a hold of for issues like testing a new radius
server (sometimes it takes over a week just to hear back from them).  To test
the new system, I had to actually take the old windows RADIUS server down
(after making sure the clients/secrets and username/password information was
on the new box also) and steal its ip address.  So I'm hoping somebody may
have an idea on what is going on.  Thanks all.

-Chris
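
The "Login incorrect" line quoted above carries exactly 16 non-printable bytes where the password should be, which is the size of one RFC 2865 User-Password block. As an added example (not part of the original post or of FreeRADIUS; the password, secrets and authenticator are constructed), this Python code implements that hiding scheme and shows that decoding with a shared secret different from the sender's produces this kind of output; the thread itself does not establish the cause on Chris's server.

```python
import hashlib
import re


def _mask(secret: bytes, prev: bytes) -> bytes:
    # RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + prev).
    return hashlib.md5(secret + prev).digest()


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Sender side (NAS or proxy): build the User-Password attribute value."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))        # at least one block
    padded = password.ljust(blocks * 16, b"\x00")   # NUL-pad to 16-byte multiple
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += block
        prev = block                                # chain on the ciphertext block
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Receiver side: what the server computes with ITS copy of the secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 bytes")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")


def to_log_form(raw: bytes) -> str:
    """Render bytes like the log line above: printable ASCII kept, rest as \\ooo."""
    return "".join(chr(b) if 32 <= b < 127 and b != 0x5C else "\\%03o" % b
                   for b in raw)


def from_log_form(text: str) -> bytes:
    """Inverse of to_log_form, for measuring a logged password's byte length."""
    return re.sub(rb"\\([0-3][0-7]{2})",
                  lambda m: bytes([int(m.group(1), 8)]),
                  text.encode("latin-1"))


def looks_mangled(password: bytes) -> bool:
    """True when a decoded password contains bytes nobody types at a prompt."""
    return any(b < 32 or b > 126 for b in password)


if __name__ == "__main__":
    auth = bytes(range(16))                      # constructed authenticator
    sent = hide_password(b"hunter2pw", b"testing123", auth)
    for server_secret in (b"testing123", b"testing124"):
        got = recover_password(sent, server_secret, auth)
        print(server_secret.decode(), "->", to_log_form(got),
              "(mangled)" if looks_mangled(got) else "(clean)")
```

Because the server cannot tell a wrong secret from a wrong password at this layer, the only visible symptom is a rejected login with a block-sized, non-printable password in the log.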





difference in logs

2002-12-31 Thread Lists @ Apted Tech.
I have just setup freeradius 0.8 on redhat 8 (2.4.18-14) and like it much
more than icradius, but I am seeing a strange occurrence in my logs.  We
have many other radius servers that are proxying requests to us, and this
box is intended as a replacement to one of the radius servers we use right
now running icradius.  User auth information is stored in mysql database and
all is working fine as far as I can see.  However, during some testing
between this new box and a client radius server that is forwarding auth
requests by using fully qualified username ([EMAIL PROTECTED]).  The
@customcpu.com should be stripped and then testing is sent to our box for
auth.  In my main radius log file (/var/log/radius) the auth request appears
to come in as it should:

Mon Dec 30 17:27:29 2002 : Auth: Login OK: [testing] (from client
acs-proxy[4] port 32 cli 9075692251)

However, when I check the detail log file, I see:

Mon Dec 30 17:27:29 2002
Acct-Session-Id = "1E002868"
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = 209.112.154.7
NAS-Port = 32
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect-Info = "52000 LAPM/V42BIS"
Called-Station-Id = "2744107"
Calling-Station-Id = "9075692251"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 209.112.139.144
Acct-Delay-Time = 0
Client-IP-Address = 209.193.61.249
Acct-Unique-Session-Id = "abef067046a44f52"
Timestamp = 1041301649

Mon Dec 30 17:28:27 2002
Acct-Session-Id = "1E002868"
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = 209.112.154.7
NAS-Port = 32
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 58
Acct-Authentic = RADIUS
Connect-Info = "52000 LAPM/V42BIS"
Acct-Input-Octets = 2136
Acct-Output-Octets = 788
Called-Station-Id = "2744107"
Calling-Station-Id = "9075692251"
Acct-Terminate-Cause = User-Request
LE-Terminate-Detail = "User Request - PPP Term Req"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 209.112.139.144
Acct-Delay-Time = 0
Client-IP-Address = 209.193.61.249
Acct-Unique-Session-Id = "abef067046a44f52"
Timestamp = 1041301707

I have session information being logged via radutmp & sql in radiusd.conf:

session {
radutmp
sql
}

the sql database shows the same information as the detail file entries
above.

radlast shows:

testing@ 032:0XCaBw   209.112.139.159  Mon Dec 30 17:29 - 17:35  (00:06)

radwho (while the connection was active):

testing@cu testing@customcpu PPP   S32  Mon 17:36 209.112.1 209.112.139.129

I'm not too informed on the more advanced features of the radius protocol, but
I have been trying to find something to explain this occurrence in the
documentation and cannot.  I don't understand how an auth request can come
in for a username testing, and be authenticated and logged one place, then
show up as [EMAIL PROTECTED] in  another log?  @customcpu.com should
have been stripped from the username before being sent to my server, but
then again, /var/log/radius shows the request coming in as just testing.  I
have no reference of any kind to @customcpu.com in any part of my config, so
I'm wondering how many parts to a radius authentication request packet there
are?  Is there a field in the auth request where my server could be seeing
@customcpu.com but not considering it when checking against my mysql
user database?  I would really love it if someone would at least flame me
right before pointing me in some direction that will help me understand what
is going on here.  Thanks much all.

-Chris Ochap
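
As an added example (not from the thread or the FreeRADIUS project), this Python code parses accounting records in the detail-file layout quoted above and totals closed sessions per user per day, the kind of end-of-day report asked about in the "Tools to manage detail file" thread. The sample text is constructed in that layout; the user names in it are placeholders, and the report field names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the detail records quoted above.
SAMPLE_DETAIL = """\
Mon Dec 30 17:27:29 2002
        Acct-Session-Id = "1E002868"
        User-Name = "testing@example.com"
        Acct-Status-Type = Start
        Acct-Unique-Session-Id = "abef067046a44f52"

Mon Dec 30 17:28:27 2002
        Acct-Session-Id = "1E002868"
        User-Name = "testing@example.com"
        Acct-Status-Type = Stop
        Acct-Session-Time = 58
        Acct-Input-Octets = 2136
        Acct-Output-Octets = 788
        Acct-Unique-Session-Id = "abef067046a44f52"

Mon Dec 30 17:28:32 2002
        Acct-Session-Id = "1E002868"
        User-Name = "testing@example.com"
        Acct-Status-Type = Stop
        Acct-Session-Time = 58
        Acct-Input-Octets = 2136
        Acct-Output-Octets = 788
        Acct-Delay-Time = 5
        Acct-Unique-Session-Id = "abef067046a44f52"

Mon Dec 30 18:00:00 2002
        Acct-Session-Id = "1E002869"
        User-Name = "other@example.com"
        Acct-Status-Type = Start
        Acct-Unique-Session-Id = "0123456789abcdef"
"""


def parse_detail(text):
    """Split a detail file into records: a timestamp line, then 'Name = value' lines."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        rec = {"_when": datetime.strptime(lines[0], "%a %b %d %H:%M:%S %Y")}
        for ln in lines[1:]:
            name, sep, value = ln.partition(" = ")
            if sep:
                rec[name] = value.strip('"')
        records.append(rec)
    return records


def daily_report(records):
    """Total Stop records per (date, user); return (totals, users still online)."""
    totals = defaultdict(lambda: {"sessions": 0, "seconds": 0,
                                  "octets_in": 0, "octets_out": 0})
    closed, started = set(), {}
    for rec in records:
        sid = rec.get("Acct-Unique-Session-Id") or rec.get("Acct-Session-Id")
        status = rec.get("Acct-Status-Type")
        if status == "Start" and sid not in closed:
            started[sid] = rec
        elif status == "Stop":
            if sid in closed:          # retransmitted Stop: count it only once
                continue
            closed.add(sid)
            started.pop(sid, None)
            key = (rec["_when"].date().isoformat(), rec.get("User-Name", "?"))
            row = totals[key]
            row["sessions"] += 1
            row["seconds"] += int(rec.get("Acct-Session-Time", 0))
            row["octets_in"] += int(rec.get("Acct-Input-Octets", 0))
            row["octets_out"] += int(rec.get("Acct-Output-Octets", 0))
    still_open = sorted(r.get("User-Name", "?") for r in started.values())
    return dict(totals), still_open


if __name__ == "__main__":
    report, online = daily_report(parse_detail(SAMPLE_DETAIL))
    for (day, user), row in sorted(report.items()):
        print(day, user, row)
    print("still online:", online)
```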





RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Lists

Well, to answer my own question, I should but I am not. I have the
following entry in radiusd.conf

authorize {
preprocess
attr_filter
sql
}


attr_filter in turn has this:

attr_filter {
attrsfile = ${confdir}/attrs
}

and attrs

DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port <= 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU >= 576,
Framed-Filter-ID =~ ".*",
Reply-Message =~ ".*",
Session-Timeout <= 28800,
Idle-Timeout <= 600,
Port-Limit <= 2,
Ascend-Data-Filter += "ip in forward tcp est",
Ascend-Data-Filter := "ip in forward dstip ip.of.mailbox/32",
Ascend-Data-Filter := "ip in drop tcp dstport = 25",
Ascend-Data-Filter := "ip in forward",
Fall-Through = yes

what gives?





>OK it's getting clearer. Now, when I use radtest, should I see those
>filters in the output? Cause I am not seeing any.





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Chris
Parker
Sent: Tuesday, May 28, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Need Help: Struggling to add Ascend-Data-Filter in
Freeradius 0.4 

At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote:
>"Lists" <[EMAIL PROTECTED]> wrote:
> > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
> > great. I am now required to add Ascend-Data-Filter (s). After reading
> > the documentation I came up with the following:
> >
> > The following in /usr/local/freeradius/etc/raddb/attrs
> >
> > DEFAULT
> > Service-Type == Framed-User,
> > Service-Type == Login-User,
>
>   This is wrong.  Please read 'man 5 users' for a description of what
>'==' does.

This is not 'users'.  This is 'attrs'.  The operators specified were
correct for that usage, apart from the Data-Filter ones, which should
have been := ( Set Operator ).  :)

-Chris
--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services -
http://www.megapop.net






RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Lists

OK it's getting clearer. Now, when I use radtest, should I see those
filters in the output? Cause I am not seeing any.





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Chris
Parker
Sent: Tuesday, May 28, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Need Help: Struggling to add Ascend-Data-Filter in
Freeradius 0.4 

At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote:
>"Lists" <[EMAIL PROTECTED]> wrote:
> > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
> > great. I am now required to add Ascend-Data-Filter (s). After reading
> > the documentation I came up with the following:
> >
> > The following in /usr/local/freeradius/etc/raddb/attrs
> >
> > DEFAULT
> > Service-Type == Framed-User,
> > Service-Type == Login-User,
>
>   This is wrong.  Please read 'man 5 users' for a description of what
>'==' does.

This is not 'users'.  This is 'attrs'.  The operators specified were
correct for that usage, apart from the Data-Filter ones, which should
have been := ( Set Operator ).  :)

-Chris
--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services -
http://www.megapop.net






Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Lists

I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
great. I am now required to add Ascend-Data-Filter (s). After reading
the documentation I came up with the following:

The following in /usr/local/freeradius/etc/raddb/attrs

DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port <= 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU >= 576,
Framed-Filter-ID =~ ".*",
Reply-Message =~ ".*",
Session-Timeout <= 28800,
Idle-Timeout <= 600,
Port-Limit <= 2,
Ascend-Data-Filter = "ip in forward tcp est",
Ascend-Data-Filter = "ip in forward dstip ip.of.mail.box/32",
Ascend-Data-Filter = "ip in drop tcp dstport = 25",
Ascend-Data-Filter = "ip in forward"

And the following in /usr/local/freeradus/etc/raddb/radius.conf

authorize {
preprocess
attr_filter
sql
#   files
#   counter
#   attr_filter
#   eap
#   suffix
#   files
#   mschap
}

but alas, the filters do not get sent. What am I missing?





Please send me a sample config

2002-02-22 Thread lists

Please send me a sample config or tell me when I can find one.

I really don't understand radius very well however what I need is:

A cisco access server 
A mysql table with accounts
A mysql table with accounting info
MS-CHAP for authentication protocol

Thanks for any help,
Michael

